Hackers tried to use Sophos Firewall zero-day to deploy Ransomware

May 4, 2019
Hackers tried to exploit a zero-day in the Sophos XG firewall to distribute ransomware to Windows machines but were blocked by a hotfix issued by Sophos.

At the end of April, attackers exploited a zero-day SQL injection vulnerability in Sophos XG firewalls that leads to remote code execution.
They used this vulnerability to install various ELF binaries and scripts that Sophos has named the Asnarök Trojan.
This Trojan was used to steal data from the firewall that could have allowed the attackers to compromise the network remotely.